kemnet

Reputation: 73

hide or show objects depending on user logged in

As the title says, I'm trying to figure out if I can make objects, aka a button and table, be invisible or hidden (whatever the attribute is). I have never encountered this before, but I'm trying to learn some web design and need to do this. Basically, I'm trying to have a site and CMS at the same time. So when my admin logs in, I want certain things to be visible only to him, and when I log in to a user account, only normal things show and no edit/insert/update buttons.
Below I pasted my login validation that is on each page. Thank you

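<?php 
$saved = false;
session_start();
error_reporting(0);
// Send visitors without a login session back to the login page.
if (!array_key_exists('userName', $_SESSION)) {
    header('Location: index.php');
    exit; // stop here; without this the rest of the page still runs and is sent
}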

--

 <form name="form" action="<?php echo $editFormAction; ?>" method="POST">
   <table width="600" border="1">
     <tr>
       <td><span id="sprytextarea1">
         <label for="content">content</label>
         <textarea name="content" id="content" cols="45" rows="5"></textarea>
         <span class="textareaRequiredMsg">A value is required.</span></span></td>
     </tr>
     <tr>
       <td>submit
         <input type="submit" name="submit" id="submit" value="Submit" /></td>
     </tr>
   </table>
   <input type="hidden" name="MM_insert" value="form" />
 </form>

Upvotes: 1

Views: 10754

Answers (2)

Mr. Alien

Reputation: 157324

The code you've provided won't help you in any manner... If you want such a CMS, you need to have a table holding users' info, which you probably already have. If yes, then add a column called user_level. Once you have that column, you can have different kinds of user levels like admin, superadmin, manager, employee etc. Now when the user logs in, fetch the user level from the database and save it in a session like this

$_SESSION['user_level'] = $fetched_data['user_level'];

Once you've saved the user level in the session, you can simply use an if condition to check whether the user is of that particular level and show the data accordingly, for example

if($_SESSION['user_level'] == 'admin') {
   //The HTML or PHP code here will be only available for user having a user level of admin
}

So in your case if you want to show buttons only to the admin you can make it like this

<?php
if($_SESSION['user_level'] == 'admin') {
?>
<form method="post">
   <input type="submit" name="whatever" />
   <!-- Other Fields -->
</form>
<?php
}
?>

The above piece of code will only run if the user level of the logged-in user is admin.

Also you can do this to prevent other users from viewing some pages which are meant for admin only, for example the control panel. You can write this condition at the top of the page to check whether the user is admin, then show the page, else redirect the user to the home page

<?php
  session_start();
  if($_SESSION['user_level'] != 'admin') {
    header('Location: home.php');
    exit;
  }
?>

Note: Always use session_start() at the top of the page, before you start any PHP code or HTML

Upvotes: 1
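Hiding the form only changes what the browser is sent, so the code that processes the form has to check the level again. The page below does both. It is an added example, not code from either answer; the helper names `has_level` and `require_level` and the handling of the `content` field are assumptions, and it expects `$_SESSION['user_level']` to have been set at login as described above.

```php
<?php
// Added example. has_level() and require_level() are hypothetical helper names.
session_start();

/** True only when the level stored at login matches exactly. */
function has_level(string $level): bool
{
    // Strict comparison: a missing key or a non-string value never matches.
    return ($_SESSION['user_level'] ?? null) === $level;
}

/** End the request unless the logged-in user has the required level. */
function require_level(string $level): void
{
    if (!has_level($level)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

$saved = false;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Enforce on the handler as well: the form being hidden does not stop
    // a logged-in non-admin from submitting this request directly.
    require_level('admin');

    $content = $_POST['content'] ?? '';
    if (is_string($content) && trim($content) !== '') {
        // Store $content with a prepared statement here (storage is out of scope).
        $saved = true;
    }
}
?>
<?php if ($saved): ?>
<p>Saved.</p>
<?php endif; ?>

<?php if (has_level('admin')): ?>
<form method="post">
  <label for="content">content</label>
  <textarea name="content" id="content" cols="45" rows="5"></textarea>
  <input type="submit" name="submit" value="Submit">
</form>
<?php endif; ?>
```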

AgmLauncher

Reputation: 7270

This is quite easy. Since you already know whether they are logged in on every page, you can simply check for them in the HTML of the page. The simple idea is below:

<html>
    <head></head>
    <body>
       <?php if ($_SESSION['userName'] == 'whateverTheNameShouldBe') : ?>
            <span>Edit</span>
       <?php endif; ?>
    </body>
 </html>

What I would do though is add a key to $_SESSION which indicates whether the user is an admin or not. $_SESSION['isAdmin'] which can be a true/false boolean. Then you can do something like this:

<html>
    <head></head>
    <body>
       <?php if ($_SESSION['isAdmin']) : ?>
            <span>Edit</span>
       <?php endif; ?>
    </body>
 </html>

Since you can embed PHP into HTML, it's REALLY easy to control what you do and don't show in the HTML pages. All you have to make sure is that your $_SESSION contains the necessary flags that you can use if/else conditions on.

Note that it's not recommended you use the $_SESSION global var directly. Ideally you would want some kind of session handler class that stores sessions in the database, but that could be a bit overkill for what you're trying to achieve.

Upvotes: 2
